mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
Manually port Steven Dannenman fix for using the correct machine domain when
looking up trust credentials in our tdb.
commit fd0ae47046
Author: Steven Danneman <sdanneman@isilon.com>
Date: Thu May 8 13:34:49 2008 -0700
Use machine account and machine password from our domain when
contacting trusted domains.
This commit is contained in:
parent
36ba31e39b
commit
69b37ae607
@ -1560,10 +1560,10 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
|
||||
return true;
|
||||
}
|
||||
|
||||
/* Just get the account for the requested domain. In the future this
|
||||
* might also cover to be member of more than one domain. */
|
||||
/* Here we are a domain member server. We can only be a member
|
||||
of one domain so ignore the request domain and assume our own */
|
||||
|
||||
pwd = secrets_fetch_machine_password(domain, &last_set_time, channel);
|
||||
pwd = secrets_fetch_machine_password(lp_workgroup(), &last_set_time, channel);
|
||||
|
||||
if (pwd != NULL) {
|
||||
*ret_pwd = pwd;
|
||||
|
@ -706,12 +706,12 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
/* this is at least correct when domain is our domain,
|
||||
* which is the only case, when this is currently used: */
|
||||
/* For now assume our machine account only exists in our domain */
|
||||
|
||||
if (machine_krb5_principal != NULL)
|
||||
{
|
||||
if (asprintf(machine_krb5_principal, "%s$@%s",
|
||||
account_name, domain->alt_name) == -1)
|
||||
account_name, lp_realm()) == -1)
|
||||
{
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user